data: unknown，payload unknown

[binbinshi]

cmd: grpcdump -i lo -p xxxx -f xxx.proto
log :
Jul 10 16:46:29.858333 xxx:36035->xxx:25462 packetno:1 streamid:1 data:(unknown)
Jul 10 16:46:29.858693 xxx:25462->xxx:36035 packetno:5 streamid:1 data:(unknown)
Jul 10 16:46:34.857590 xxx:36035->xxx:25462 packetno:12 streamid:1 data:(unknown)
Jul 10 16:46:34.857924 xxx:25462->xxx:36035 packetno:16 streamid:1 data:(unknown)
Jul 10 16:46:39.857601 xxx:36035->xxx:25462 packetno:26 streamid:1 data:(unknown)
Jul 10 16:46:39.857894 xxx:25462->xxx:36035 packetno:30 streamid:1 data:(unknown)
Jul 10 16:46:44.857749 xxx:36035->xxx:25462 packetno:37 streamid:1 data:(unknown)

my question : why payload is unknown , what should i do the payload can parse to object；

[jschwinger233]

Care to upload your pcap file and proto file for my investigation?

[jschwinger233]

Would you like to try grpcdump -p 24461 -r 20230710.pcap -f master.proto -m AUTO? The key is -m AUTO.

The reason why it didn't parse the data is that we missed the first packet which initiated the grpc stream and carried the hpack header compression info, therefore we can't parse the consequent traffic, unless we try our luck to do some guess, which is -m AUTO meant to do.

[jschwinger233]

Be aware that -m AUTO works on guess, so there could be mistakes happened, especially when multiple grpc messages are defined as exactly same data structure layout.

[binbinshi]

Good. Thank you very much. Got it